Joonun Jang discovered that AdvanceCOMP incorrectly handled certainmalformed zip files. If a user or automated system were tricked intoprocessing a specially crafted zip file, a remote attacker could causeAdvanceCOMP to crash, resulting in a denial of service, or possiblyexecute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the followingpackage versions:

Ubuntu 17.10: advancecomp 2.0-1ubuntu0.1

Ubuntu 16.04 LTS: advancecomp 1.20-1ubuntu0.1

Ubuntu 14.04 LTS: advancecomp 1.18-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

It was discovered that the Erlang FTP module incorrectly handled certainCRLF sequences. A remote attacker could possibly use this issue to injectarbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS.(CVE-2014-1693)

It was discovered that Erlang incorrectly checked CBC padding bytes. Aremote attacker could possibly use this issue to perform a padding oracleattack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS.(CVE-2015-2774)

It was discovered that Erlang incorrectly handled certain regularexpressions. A remote attacker could possibly use this issue to causeErlang to crash, resulting in a denial of service, or execute arbitrarycode. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253)

Hanno BÃ¶ck, Juraj Somorovsky and Craig Young discovered that the Erlangotp TLS server incorrectly handled error reporting. A remote attacker couldpossibly use this issue to perform a variation of the Bleichenbacher attackand decrypt traffic or sign messages. (CVE-2017-1000385)

Update instructions:

The problem can be corrected by updating your system to the followingpackage versions:

Ubuntu 17.10: erlang 1:20.0.4+dfsg-1ubuntu1.1

Ubuntu 16.04 LTS: erlang 1:18.3-dfsg-1ubuntu3.1

Ubuntu 14.04 LTS: erlang 1:16.b.3-dfsg-1ubuntu2.2

After a standard system update you need to reboot your computer to makeall the necessary changes.